// admin can walk over all interfaces :-) if (isset($_SESSION['user_id']) && isset($_GET['to_id'])) { $from_id = $_SESSION['user_id']; $to_id = $_GET['to_id']; //lets che if user who we want to crack exist $query = <<<SQL_QUERY select admin_id from admin where admin_id = ? SQL_QUERY; $rs = exec_query($sql, $query, array($to_id)); if ($rs->RowCount() == 0) { set_page_message(tr('User does not exist!')); header('Location: manage_users.php'); die; } $dest = change_user_interface($from_id, $to_id); if ($dest == false) { header('Location: manage_users.php'); die; } else { header("Location: {$dest}"); die; } } else { header('Location: manage_users.php'); die; }
* Portions created by the ispCP Team are Copyright (C) 2006-2010 by * isp Control Panel. All Rights Reserved. * * Portions created by the i-MSCP Team are Copyright (C) 2010-2015 by * i-MSCP - internet Multi Server Control Panel. All Rights Reserved. */ // Include needed libraries require 'imscp-lib.php'; iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onResellerScriptStart); // Check for login check_login('reseller'); // Switch back to admin if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id']) && isset($_GET['action']) && $_GET['action'] == 'go_back') { change_user_interface($_SESSION['user_id'], $_SESSION['logged_from_id']); } elseif (isset($_SESSION['user_id']) && isset($_GET['to_id'])) { // Switch to customer $toUserId = intval($_GET['to_id']); // Admin logged as reseller: if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id'])) { $fromUserId = $_SESSION['logged_from_id']; } else { // reseller to customer $fromUserId = $_SESSION['user_id']; if (who_owns_this($toUserId, 'client') != $fromUserId) { showBadRequestErrorPage(); } } change_user_interface($fromUserId, $toUserId); } else { showBadRequestErrorPage(); }
* The contents of this file are subject to the Mozilla Public License * Version 1.1 (the "License"); you may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the * License for the specific language governing rights and limitations * under the License. * * The Original Code is "VHCS - Virtual Hosting Control System". * * The Initial Developer of the Original Code is moleSoftware GmbH. * Portions created by Initial Developer are Copyright (C) 2001-2006 * by moleSoftware GmbH. All Rights Reserved. * * Portions created by the ispCP Team are Copyright (C) 2006-2010 by * isp Control Panel. All Rights Reserved. * * Portions created by the i-MSCP Team are Copyright (C) 2010-2015 by * i-MSCP - internet Multi Server Control Panel. All Rights Reserved. */ // Include core library require_once 'imscp-lib.php'; iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart); check_login('user'); if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id']) && isset($_GET['action']) && $_GET['action'] == 'go_back') { change_user_interface($_SESSION['user_id'], $_SESSION['logged_from_id']); } else { showBadRequestErrorPage(); }
* The contents of this file are subject to the Mozilla Public License * Version 1.1 (the "License"); you may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the * License for the specific language governing rights and limitations * under the License. * * The Original Code is "VHCS - Virtual Hosting Control System". * * The Initial Developer of the Original Code is moleSoftware GmbH. * Portions created by Initial Developer are Copyright (C) 2001-2006 * by moleSoftware GmbH. All Rights Reserved. * * Portions created by the ispCP Team are Copyright (C) 2006-2010 by * isp Control Panel. All Rights Reserved. * * Portions created by the i-MSCP Team are Copyright (C) 2010-2015 by * i-MSCP - internet Multi Server Control Panel. All Rights Reserved. */ // Include core library require 'imscp-lib.php'; iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAdminScriptStart); check_login('admin'); if (isset($_SESSION['user_id']) && isset($_GET['to_id'])) { change_user_interface($_SESSION['user_id'], intval($_GET['to_id'])); } else { showBadRequestErrorPage(); }